Merge pull request #11356 from owncloud/redirect-only-to-the-same-domain

Redirect only to absolute URL
author: Lukas Reschke <lukas@owncloud.com> 2014-10-01 12:47:43 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2014-10-01 12:47:43 +0200
commit: e762ff2bbdc4eefd6aefab1950f7da83f2c6735d (patch)
tree: c7379abc7a6efd765bad56520ec89a317a71d83d /lib
parent: e93f98f1de772ae363e4e5c839f5a8e957c113e9 (diff)
parent: 6e7365fc1725fdb6868398ebb821aa44a09fb903 (diff)
download: nextcloud-server-e762ff2bbdc4eefd6aefab1950f7da83f2c6735d.tar.gz
nextcloud-server-e762ff2bbdc4eefd6aefab1950f7da83f2c6735d.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/private/util.php b/lib/private/util.php
index 5097174ac11..304db827a1a 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -847,8 +847,10 @@ class OC_Util {
 	 */
 	public static function getDefaultPageUrl() {
 		$urlGenerator = \OC::$server->getURLGenerator();
-		if (isset($_REQUEST['redirect_url'])) {
-			$location = urldecode($_REQUEST['redirect_url']);
+		// Deny the redirect if the URL contains a @
+		// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
+		if (isset($_REQUEST['redirect_url']) && strpos($_REQUEST['redirect_url'], '@') === false) {
+			$location = $urlGenerator->getAbsoluteURL(urldecode($_REQUEST['redirect_url']));
 		} else {
 			$defaultPage = OC_Appconfig::getValue('core', 'defaultpage');
 			if ($defaultPage) {
author	Lukas Reschke <lukas@owncloud.com>	2014-10-01 12:47:43 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2014-10-01 12:47:43 +0200
commit	e762ff2bbdc4eefd6aefab1950f7da83f2c6735d (patch)
tree	c7379abc7a6efd765bad56520ec89a317a71d83d /lib
parent	e93f98f1de772ae363e4e5c839f5a8e957c113e9 (diff)
parent	6e7365fc1725fdb6868398ebb821aa44a09fb903 (diff)
download	nextcloud-server-e762ff2bbdc4eefd6aefab1950f7da83f2c6735d.tar.gz nextcloud-server-e762ff2bbdc4eefd6aefab1950f7da83f2c6735d.zip